Environment
Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management
Situation
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Configuration Manager.
Resolution
For ZCM 11: This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at https://www.novell.com/support
Workaround: If it is not possible to upgrade to 11.1 at this time, Novell has made a patch available in the interim. It can be obtained at https://download.novell.com/Download?buildid=KN7WZylayYc~ as "ZCM 11.0 TFTP vulnerability - see KB 7007896".
For ZCM 10.3.2: This is fixed in version 10.3.3 - see KB 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes" which can be found at https://www.novell.com/support
Workaround: If it is not possible to upgrade to 10.3.2 at this time, Novell has made a patch available in the interim. It can be obtained at https://download.novell.com/Download?buildid=EXTzSp-HKZ8~ as "ZCM 10.3.2 TFTP vulnerability - see TID 7007896".
For ZCM 10.3.1: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available. It can be obtained at https://download.novell.com/Download?buildid=YO_dVg28uzY~ as "ZCM 10.3.1 TFTP vulnerability - see TID 7007896".
For earlier versions of ZCM 10: It will be necessary to upgrade to one of the above versions and apply the appropriate patch.
Status
Security Alert
Additional Information
Tracking as:
- CVE-2010-4323
- ZDI-CAN-877
- Francis Provencher for Protek Research Lab
- SilentSignal